
PCPro - Computing in the Real World. Printed from www.pcpro.co.uk


Real World Computing

You've been Conficked...

Posted on 30 Mar 2009 at 15:52

Davey Winder gets to grips with the Conficker worm and discovers that prevention is better than cure.

How can I get rid of Conficker?

Assuming that you're not going to wait for those rogue removal tools to arrive - and there will probably be a few already doing the rounds by the time you read this, even if Conficker itself hasn't started bombing desktops - you'll need to settle on a sensible removal strategy if you're unfortunate enough to find the worm residing on your computers. First, remember that you'll have to effectively isolate each machine on the network to prevent it being reinfected by others that you've yet to disinfect. Second, try the easy approach, by which I mean contacting your security vendor's support people to see if they have a removal tool available. Alternatively, try Microsoft's Malicious Software Removal Tool, which has been updated to remove the Conficker family: this is a standalone binary that you can download (via a clean machine if the infected one blocks access) from http://support.microsoft.com/kb/890830. Users of the Microsoft Desktop Optimisation Pack 6 at www.microsoft.com/windows/enterprise/technologies/mdop.aspx can also use the Standalone System Sweeper tool. Oh, and don't forget to apply the MS08-067 update to all Windows computers in order to prevent a reinfection.

Microsoft has also provided an in-depth manual removal solution for those who need to get truly hands-on with this. Unfortunately, space prevents me from going through this in detail here, so I suggest that anyone interested visits http://support.microsoft.com/kb/962007 for the full skinny.

Prevention is better than cure

My doctor is very keen on the old maxim that "prevention is better than cure", and this is exactly the approach you should take when talking about IT security. When it comes to Conficker, this means doing a number of things. First, and it's worth repeating so I will, install that MS08-067 security update in full - or at least as fully as your network environment will allow, because for bigger and more diverse business applications that can be problematical. Which is why it's also important to follow a few other steps to shore up those defences. Apart from the obvious one of having strong antivirus solutions in place and using only strong passwords, there are the perhaps less-obvious ones such as disabling the AutoPlay function. Seriously, would you actually miss it? In fact, do you actually use it for anything worthwhile at all? Microsoft has an excellent explanation of how to manage the AutoPlay configuration within your network environment at http://technet.microsoft.com/en-us/magazine/2008.01.securitywatch.aspx.
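
As an added example (not from the article or from Microsoft's guidance), this read-only PowerShell script reports how AutoPlay/AutoRun is currently configured on a machine by decoding the NoDriveTypeAutoRun policy value. The registry value and its bit meanings are standard Windows policy settings that the article does not name; the function names are hypothetical.

```powershell
# Added example: report which drive types can still AutoRun on this machine.
# Requires PowerShell 3.0 or later. Read-only; it changes nothing.

# NoDriveTypeAutoRun is a bitmask: a set bit disables AutoRun for that drive type.
$DriveTypeBits = [ordered]@{
    'Unknown (0x01)'   = 0x01
    'Removable (0x04)' = 0x04
    'Fixed (0x08)'     = 0x08
    'Network (0x10)'   = 0x10
    'CD-ROM (0x20)'    = 0x20
    'RAM disk (0x40)'  = 0x40
    'Unknown (0x80)'   = 0x80
}

function Get-AutoRunEnabledTypes {
    param([Parameter(Mandatory)][int]$Mask)
    # Emit every drive type whose "disable" bit is NOT set in the mask.
    foreach ($entry in $DriveTypeBits.GetEnumerator()) {
        if (($Mask -band $entry.Value) -eq 0) { $entry.Key }
    }
}

function Get-AutoRunPolicy {
    $subKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    # HKLM is checked first: when both hives set the value, the machine-wide one wins.
    foreach ($hive in 'HKLM', 'HKCU') {
        $item = Get-ItemProperty -Path "${hive}:\$subKey" -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        $raw = $item.NoDriveTypeAutoRun
        # Stored as REG_DWORD or 4-byte REG_BINARY; the mask lives in the low byte.
        $mask = if ($raw -is [byte[]]) { [int]$raw[0] } else { [int]$raw -band 0xFF }
        $enabled = @(Get-AutoRunEnabledTypes -Mask $mask)
        return [pscustomobject]@{
            Computer       = $env:COMPUTERNAME
            Source         = $hive
            Mask           = '0x{0:X2}' -f $mask
            FullyDisabled  = ($enabled.Count -eq 0)
            StillEnabledOn = $enabled -join ', '
        }
    }
    # Neither hive sets the policy, so the operating system default applies.
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME; Source = 'not configured'; Mask = $null
        FullyDisabled = $false; StillEnabledOn = 'OS default applies'
    }
}

Get-AutoRunPolicy | Format-List
```

A mask of 0xFF means AutoRun is disabled for every drive type; any drive type listed under StillEnabledOn is one the policy leaves open.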


Davey Winder


Davey is a contributing editor to PC Pro, having covered the internet as a topic since the magazine started in 1994. Since that time he's won numerous awards for his journalism, but remains a small-business consultant specialising in privacy, security and usability issues.
